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IN THE CLAIMS : 

Please cancel claims 1 - 6 in their entirety and without prejudice and 

substitute the following new claims: 



1 -7. A method for verifying the usage of public keys derived from a set of 

2 asymmetric keys, a public key (Kp) and private key (Ks) generated for a given use, 

3 such as encryption/decryption or digital signature verification/generation, by an on- 

4 board system and stored in the storage area of an on-board system (Si) equipped 

5 with cryptographic calculation means and externally accessible read/write-protected 

6 means for storing digital data, said digital data (IDdi) comprising at least a serial 

7 number (SNO for identifying the on-board system and an identification code (Opj) of 

8 an operator authorized to configure said on-board system, the request being 

9 formulated by said on-board system by transmitting a request message (MRCA) 

10 containing said public key (Kp) to a certification authority (CA), comprising: 

11 PRIOR TO ANY TRANSMISSION OF A CERTIFICATION REQUEST, DURING THE 

12 CONFIGURATION OF A SET (Lk) OF ON-BOARD SYSTEMS (Si) BY THE 

13 AUTHORIZED OPERATOR: 

14 - generating by the authorized operator, for said set of on-board systems, a 

15 mother public key (KpM) and a mother private key (KsM) used in connection with a 

16 process supported by an algorithm (CA1 M); 

17 - publishing said mother private key (KpM) associated with the algorithm 

18 (CA1 M), the identification code of said authorized operator (OPj), and defining a 

19 range of on-board system identifiers for the set (Lk) of on-board systems; 

2 0 - calculating, for each on-board system of said set (Lk) of on-board systems, 
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2 1 from said mother private key (KsM) and from the serial number (SNi) of the on-board 

22 system, a diversified private key (KsMj), and storing said diversified private key 
2 3 (KsMi) in said externally accessible, read/write-protected storage area, and; 

2 4 PRIOR TO ANY TRANSMISSION OF A CERTIFICATION REQUEST MESSAGE: 
2 5 fi i-[ generating by the on-board system a certification request (RCA) containing, in 

2 6 particular, a field of the public key (CA1 , Kp) and usage indicators (U) of said public 

2 7. key, 

2 8 - using said calculation means and said diversified key (KsMi) associated with 
?2 9 this on-board system to calculate a cryptographic control value (Sq) on the entire 

Is? 

43 o request (RCA), said cryptographic control value being a digital signature calculated 

ii 

^3 1 by means of the diversified private key (KsMi); 

^32 WHEN A CERTIFICATION REQUEST IS SENT TO THE CERTIFICATION 

i33 AUTHORITY BY THE ON-BOARD SYSTEM: 

II 3 4 - forming a certification request message (MRCA) containing the request 

335 (RCA), the identifier (IDdi) of the on-board system, the request message being 

3 6 constituted by the identification code (OPj) of this authorized operator and by the 
37 serial number (SNO of the on-board system, and a cryptographic control value (Sci); 
3 8 - transmitting to the certification authority (CA) said request message (MRCA) 

3 9 formed during the preceding phase and containing the public key (Kp) and the usage 

4 0 indicators (U) subject to said certification, and said cryptographic control value (Sq); 

41 and 

42 WHEN A CERTIFICATION REQUEST MESSAGE (MRCA) IS RECEIVED BY THE 

43 CERTIFICATION AUTHORITY: 

44 - retrieving the identification code of the authorized operator (OP]) from the 
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45 digital data (IDdj) of the on-board system, 

4 6 - retrieving, from said identification code (OPj) of said authorized operator, the 

47 value of the mother public key (KpM) as well as the identifier of the algorithm 

4 8 (CA1 M) associated with the set (Lk) of the on-board system, 

49 - verifying, from said mother public key (KpM), from said serial number (SNj) of 
^|he on-board system, and from said certification request message (MRCA) received, 

5 1 said cryptographic control value (Sci), and establishing the authenticity of said 

52 cryptographic control value and the source of this certification request. 



8. A method according to claim 7, characterized in that when the 

2 certification request (RCA) is generated by the on-board system, the method further 

3 comprises generating, at the on-board system level, a certification request (RCA), 

4 composed of three fields, including a public key algorithm identifier (CA1 ), a public 

5 key value (Kp), and an indicator of the usages of said key (U). 

1 9. A method according to claim 7, characterized in that when the 

2 certification request is completed by the on-board system, the method further 

3 comprises the step of communicating a certification request template (GRCA) to said 

4 on-board system; 

5 - checking, at the on-board system level, the syntax of the certification request 

6 template (GRCA) to ensure that it is a correctly formed certification request, and 

7 - conditioning a step consisting of having the on-board system fill in missing 

8 fields of the certification request template (GRCA) to a positive verification. 
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1 10. A method according to claim 7, characterized in that, for a set of 

2 asymmetric signature keys (Kp), (Ks) generated by said on-board system, allowing 

3 use of the private key (Ks) under control of the cryptographic calculation means only 

4 for signature generation purposes, said private key (Ks) stored in said externally 

5 accessible read/write-protected storage area being unknown to the user and limited 
6^t^ a utilization exclusively for digital signature purposes, the utilization of said key 

7 being limited to signature purposes and the utilization of the certificate containing the 

8 corresponding public key being limited to signature verification purposes. 



Ml 1 1 . A method according to claim 7, characterized in that for a set of 

2 asymmetric keys, a public asymmetric encryption key (Ep) and a private asymmetric 

^ 3 decryption key (Ds) generated by said on-board system, the method consists of 

^ 4 associating, with said encryption and decryption keys (Ep), (Ds) and with the 

**, 5 asymmetric decryption process, a symmetric "weak" decryption process and key, the 

6 symmetric decryption key being encrypted, then decrypted, by means of the private 

7 asymmetric decryption key (Ds), said private key (Ds) stored in said externally 

8 accessible read/write protected storage area being unknown to the user, so as to 

9 authorize the utilization of said key only for weak decryption purposes, the utilization 

10 of the certificate containing the corresponding public key being limited to said weak 

11 encryption purposes. 
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12. An on-board system comprising a card having a microprocessor, a 
RAM, a nonvolatile memory including a programmable memory and an externally 
accessible protected storage area memory, a cryptographic calculation module and 
an input/output system connected by a link of the BUS type, 

- a diversified private key KsMj stored in said externally accessible protected 

\ ) 

\ memory, said diversified private key, being unique and distinct for said on-board 
system and calculated from a mother private key KsM and an identification number 
of said on-board system, and being further associated with a mother public key KpM; 

- said cryptographic calculation module comprising: 

- means for calculating a signature from said diversified private key KsMi , 
making it possible to calculate the signature of a certification request to certify a 
public key Kp associated with a private encryption key Ks or signature key, 
respectively, said private key Ks generated by said signature calculation means 
being stored in said externally accessible protected memory, said signature of a 
certification request being a function of the identification number of said on-board 
system, said signature calculation means making it possible to transmit to a 
certification authority a certification request message containing said certification 
request and said signature, which allows said certification authority to verify the 
source of the certification request from said on-board system and the protection of 
said diversified private key and private signature key in said externally accessible 
protected memory using only public elements, such as said mother public key 

Kpjyi.-- — . 
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